From adc1007d7d35726890a2999342c49f8daf11a02a Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Sat, 4 Jul 2020 09:41:46 -0400
Subject: [PATCH] Mark 'gss-group1-sha1-' kex as failure due to 1024-bit
 modulus.

---
 ssh-audit.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssh-audit.py b/ssh-audit.py
index d0a7fa5..fdd91bf 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -644,7 +644,7 @@ class SSH2:  # pylint: disable=too-few-public-methods
                 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [WARN_HASH_WEAK]],
                 'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
                 'gss-gex-sha1-': [[], [], [WARN_HASH_WEAK]],
-                'gss-group1-sha1-': [[], [], [WARN_HASH_WEAK]],
+                'gss-group1-sha1-': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]],
                 'gss-group14-sha1-': [[], [], [WARN_HASH_WEAK]],
                 'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
                 'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],